TechSpot

Can't complete the 8 steps

By Garth
Jul 14, 2009
  1. Hi,
    I'm trying to sort out my daughter's laptop which has been infected by some nastie.
    So I run through the 8 steps but fall at the 4th! Malwarebytes installs fine but won't run and SuperAntiSpyware won't install at all. (I have also found that Spybot S+D blue screens.) HijackThis runs and I attach the log file.
    I hope someone out there can help me!
     
  2. Garth (TS Rookie, Topic Starter)

    Maybe I should give more detail.

    The laptop is a Sony Vaio running Vista (I am used to XP).

    My daughter brought it to me because searches were being redirected. I found the DNS was being hijacked and the firewall (Comodo) turned off and not updated.

    I tried resetting them manually but to no avail, so I ran McAfee Stinger, which found an autorun file that it could not delete, so I tried Linux Defender (Bitdefender on Linux that boots from the CD), which got rid of the autorun file.

    Then I was able to get Comodo (firewall and anti-virus) updated, which found a few things (afraid I don't remember what), and I ran HijackThis, which showed an entry with DNS addresses, which I deleted.

    Then tried to install Spybot S+D (I see people don't think a lot of it but I like TeaTimer) but it blue screened. I tried SuperAntiSpyware and Malwarebytes Anti-Malware but they won't run. Spyware Doctor runs and found a couple of trojans (don't remember the names) - as I only have the trial version I had to remove the files and reg entries manually.

    I have run CCleaner several times with all the boxes ticked, so I was surprised when Spyware Doctor found a cookie from atdmt, so I searched the registry and found two entries for atdmt, which I deleted.

    So that's where I am at. The laptop works fine except that I can't install/run anti-malware programs and Comodo anti-virus finds and quarantines a file - windows\system32\gxvcuuttewcdfrpgtwxobpmvyrsawfrcxt.dll - every day.

    Anyone got any ideas or suggestions?
     
  3. Garth (TS Rookie, Topic Starter)

    Did some searching and decided that a rootkit was behind the antimalware progs not working - I had run BlackLight before and found nothing - so I tried RootRepeal.

    It found some files with names similar to the .dll that Comodo keeps finding that were hidden from Windows, so I removed gxvcuuttewcdfrpgtwxobpmvyrsawfrcxt.sys, rebooted and now everything works.

    I ran Malwarebytes and it found a bunch of files related to the rootkit which it removed.

    Sorted!
     
Topic Status:
Not open for further replies.
